Lucene search
194 matches found

CNNVD
added 2024/04/17 12:00 a.m. · 9 views

GNU C Library Security Vulnerability

GNU C Library is an open source, free C compiler released under the LGPL license. GNU C Library suffers from a buffer overflow vulnerability that originates from a boundary error in the iconv function when handling untrusted input. An attacker could exploit the vulnerability to cause the...

CVSS 7.3 · AI score 7.2 · EPSS 0.91924
Exploits: 16 · References: 22
OSV
added 2024/04/04 8:27 p.m. · 1 view

CVE-2024-30270 mailcow Path Traversal and Arbitrary Code Execution Vulnerability

mailcow: dockerized is an open source groupware/email suite based on docker. A security vulnerability has been identified in mailcow affecting versions prior to 2024-04. This vulnerability is a combination of path traversal and arbitrary code execution, specifically targeting the rspamdmaps...

CVSS 6.2 · AI score 7.4 · EPSS 0.48794
Exploits: 3 · References: 6
OSV
added 2024/03/06 11:21 a.m. · 26 views

BIT-GITLAB-2020-13359

The Terraform API in GitLab CE/EE 12.10+ exposed the object storage signed URL on the delete operation allowing a malicious project maintainer to overwrite the Terraform state, bypassing audit and other business controls. Affected versions are =12.10, =13.4, =13.5, 13.5.2...

CVSS 7.6 · AI score 7.2 · EPSS 0.00086
Exploits: 0 · References: 3
OSV
added 2024/03/06 10:53 a.m. · 18 views

BIT-DRUPAL-2022-25271

Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter...

CVSS 7.5 · AI score 7.2 · EPSS 0.00355
Exploits: 0 · References: 4
NVD
added 2024/02/15 5:15 a.m. · 12 views

CVE-2022-23086

Handlers for CFGPAGE read / write ioctls in the mpr, mps, and mpt drivers allocated a buffer of a caller-specified size, but copied to it a fixed size header. Other heap content would be overwritten if the specified size was too small. Users with access to the mpr, mps or mpt device node may...

CVSS 9.8 · AI score 6.7 · EPSS 0.00234
Exploits: 0 · References: 2
Prion
added 2024/02/15 5:15 a.m. · 18 views

Design/Logic Flaw

Handlers for CFGPAGE read / write ioctls in the mpr, mps, and mpt drivers allocated a buffer of a caller-specified size, but copied to it a fixed size header. Other heap content would be overwritten if the specified size was too small. Users with access to the mpr, mps or mpt device node may...

AI score 7.3 · EPSS 0.00234
Exploits: 0 · References: 1
BDU FSTEC
added 2024/01/15 12:00 a.m. · 1 view

The vulnerability of the APK-reverse engineering tool Apktool in Android systems arises from incorrect path name restrictions for restricted directories. This allows attackers to write or overwrite arbitrary data.

The vulnerability of the APK-reverse engineering tool Apktool relates to an incorrect path name limitation for the restricted access directory. Exploiting this vulnerability could allow a perpetrator to write or overwrite arbitrary data...

CVSS 7.8 · AI score 7.3 · EPSS 0.68191
Exploits: 2 · References: 3 · Affected Software: 1
Veracode
added 2023/09/01 11:24 a.m. · 11 views

Path Traversal

Zip Swift is vulnerable to a Zip Path Traversal vulnerability (Zip Slip). The vulnerability is due to not sanitizing zip entries while extracting zip files into a destination directory inside the unzipFile function. An attacker can create a maliciously crafted zip entry which can be extracted to arbitrar...

CVSS 7.8 · AI score 7.1 · EPSS 0.00416
Exploits: 1 · References: 3 · Affected Software: 1
Cvelist
added 2023/05/09 7:00 p.m. · 17 views

CVE-2021-46753

Failure to validate the length fields of the ASP AMD Secure Processor sensor fusion hub headers may allow an attacker with a malicious Uapp or ABL to map the ASP sensor fusion hub region and overwrite data structures leading to a potential loss of confidentiality and integrity...

AI score 9.3 · EPSS 0.00399
Exploits: 0 · References: 1
Positive Technologies
added 2023/05/09 12:00 a.m. · 2 views

PT-2023-12568 · Amd · Amd Secure Processor

Name of the Vulnerable Software and Affected Versions: AMD Secure Processor, affected versions not specified. Description: The issue is related to the failure to validate the length fields of the ASP sensor fusion hub headers. This may allow an attacker with a malicious Uapp or ABL to map the ASP...

CVSS 9.1 · AI score 6.4 · EPSS 0.00399
Exploits: 0 · References: 4
OSV
added 2023/04/26 2:15 p.m. · 0 views

UBUNTU-CVE-2022-25273

Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter...

CVSS 7.5 · AI score 7 · EPSS 0.0047
Exploits: 0 · References: 3
Cvelist
added 2023/04/26 12:00 a.m. · 11 views

CVE-2022-25273

Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter...

AI score 7.5 · EPSS 0.0047
Exploits: 0 · References: 1
Positive Technologies
added 2023/04/26 12:00 a.m. · 2 views

PT-2023-12781 · Drupal · Drupal

Name of the Vulnerable Software and Affected Versions: Drupal core, versions prior to the fixed version. Description: The form API in Drupal core has a vulnerability that affects certain contributed or custom modules' forms, making them susceptible to improper input validation. This could allow an...

CVSS 7.5 · AI score 6.8 · EPSS 0.0047
Exploits: 0 · References: 12
OSV
added 2023/03/02 1:54 p.m. · 11 views

SUSE-SU-2023:0602-1 Security update for google-osconfig-agent

This update for google-osconfig-agent fixes the following issues: Updated to version 20230222.00 and bumped go API version to 1.18 to address the following bsc1208723: - CVE-2021-38297: Fixed data overwrite when passing large arguments to GOARCH=wasm GOOS=js bsc1191468. - CVE-2022-23806: Fixed...

CVSS 9.8 · AI score 9.5 · EPSS 0.10629
Exploits: 0 · References: 6
OSV
added 2023/03/02 1:52 p.m. · 6 views

SUSE-SU-2023:0600-1 Security update for google-guest-agent

This update for google-guest-agent fixes the following issues: Updated to version 20230222.00 and bumped go API version to 1.18 to address the following bsc1208723: - CVE-2021-38297: Fixed data overwrite when passing large arguments to GOARCH=wasm GOOS=js bsc1191468. - CVE-2022-23806: Fixed...

CVSS 9.8 · AI score 9.5 · EPSS 0.10629
Exploits: 0 · References: 7
SUSE CVE
added 2023/02/24 3:07 a.m. · 2 views

SUSE CVE-2023-25579

Nextcloud server is a self-hosted home cloud product. In affected versions the OC\Files\Node\Folder::getFullPath function was validating and normalizing the string in the wrong order. The function is used in the newFile and newFolder items, which may allow the creation of paths outside of one's own...

CVSS 6 · AI score 6.8 · EPSS 0.00351
Exploits: 0 · References: 4
NVD
added 2023/02/22 7:15 p.m. · 15 views

CVE-2023-25579

Nextcloud server is a self-hosted home cloud product. In affected versions the OC\Files\Node\Folder::getFullPath function was validating and normalizing the string in the wrong order. The function is used in the newFile and newFolder items, which may allow the creation of paths outside of one's own...

CVSS 7.5 · AI score 6.5 · EPSS 0.00351
Exploits: 0 · References: 2
OSV
added 2023/02/22 6:21 p.m. · 23 views

CVE-2023-25579 Directory traversal in Nextcloud server

Nextcloud server is a self-hosted home cloud product. In affected versions the OC\Files\Node\Folder::getFullPath function was validating and normalizing the string in the wrong order. The function is used in the newFile and newFolder items, which may allow the creation of paths outside of one's own...

CVSS 6 · AI score 7.2 · EPSS 0.00351
Exploits: 0 · References: 4
CVE
added 2023/02/22 6:21 p.m. · 77 views

CVE-2023-25579

Summary (CVE-2023-25579) Nextcloud server is affected by a directory traversal in OC\Files\Node\Folder::getFullPath(), where the function validated/normalized strings in the wrong order. This can let an attacker craft paths to escape their own space and overwrite data belonging to other users. Th...

CVSS 7.5 · AI score 6.5 · EPSS 0.00351
Exploits: 0 · References: 2 · Affected Software: 1
Nextcloud
added 2023/02/22 8:33 a.m. · 114 views

Potential directory traversal in OC\Files\Node\Folder::getFullPath

None...

CVSS 7.5 · AI score 7.3 · EPSS 0.00351
Exploits: 0 · References: 2 · Affected Software: 1